[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02831) Re: spd_save doesn't work on usagi-stable-5

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 02831) Re: spd_save doesn't work on usagi-stable-5
From: Reiko MORI <mori.reiko@xxxxxxxxxxxxxxxx>
Date: Wed, 03 Mar 2004 18:41:12 +0900
In-reply-to: <87r7wawhz0.wl@karaba.org>
References: <87r7wawhz0.wl@karaba.org>
Reply-to: usagi-users@xxxxxxxxxxxxxx

Thanks mk,

I was using ipsec-conf as you suggested. But it fails.
My typical procedure is this:

0) Append SA & SPD by using pfkey.
1) Display status by using ipsec, it succeeds as follows.
2) Save the status to "file", it (seems) succeed.
3) But "file" contains nothing for SPD!!
4) This means, spd_save does not handle properly input from 
/proc/net/spd.

Probably you too get the same result by this command:
# pfkey --append sp --type esp --protocol any \
  --src 1::1b/128 \
  --dst 2::2b/128 \
  --policy bypass

Right now I found it is because there is "--policy bypass".
When remove this option, it normally be saved to file.
Don't you think it is funny?

In addition, I also noticed it happens may be, because of missing 
SPI. So my second question is: "Do I have to specify the same SPI 
with corresponding SA, whenever append a SP?"

Sincerely
Reiko M.

References:
- (usagi-users 02830) Re: spd_save doesn't work on usagi-stable-5
  - From: Mitsuru KANDA / 神田充

Prev by Date: (usagi-users 02830) Re: spd_save doesn't work on usagi-stable-5
Next by Date: (usagi-users 02832) Loading MN Module deletes routes
Previous by thread: (usagi-users 02830) Re: spd_save doesn't work on usagi-stable-5
Next by thread: (usagi-users 02832) Loading MN Module deletes routes
Index(es):
- Date
- Thread